European Commission Finds Privacy Shield Adequate to Protect EU Data

NEWS ANALYSIS: The EU's finding is a critical first step in allowing data sharing between Europe and the U.S., but a number of review steps remain, and everything depends on U.S. actions.

While the recently negotiated Privacy Shield is a major step, the EU insisted on an annual review of actual practices, especially actions by the US government. The Privacy Shield agreement includes sanctions if the agreement isn't upheld, including a complete block to all data flow.
As you might imagine, a number of U.S. companies, such as Facebook or computer hardware manufacturers such as Apple, depend heavily on the ability to make use of the protected data of EU citizens. This is one reason why Apple CEO Tim Cook is fighting the government's demands that it open up a terrorist's iPhone.
Unfortunately, this whole agreement can be undone by the actions of U.S. government officials more interested in their own convenience than in the rule of law. An obvious example of this is the continuing effort by the U.S. Department of Justice for force Microsoft to open the email account of a suspected drug dealer who is an EU citizen on a server located in the EU. While the Microsoft case hasn't been mentioned by EC members, it's exactly the sort of thing that European officials are concerned about.
The reason Europeans are worried is that in the Microsoft email server case, there already exist laws and procedures that were negotiated in a legal assistance treaty that was ratified by Congress. This treaty is the law of the land in the U.S., yet the DoJ has felt no need to abide by it in the name of expediency. Thus there is this demand for an annual assessment to ensure that the U.S. isn't violating its own laws and the agreement with Europe.

Documents leaked by Snowden showed that the NSA was routinely looking at data passing between the U.S. and Europe. To some extent the NSA has a rationale for its actions, since the mission of that agency is to spy on the actions of people outside the U.S. and on people who are not US citizens.

What bothered the EU wasn't the fact that the NSA was spying. After all, the Europeans have their own spy agencies, some of which target the U.S., but rather the wholesale nature of the spying. The fact that all traffic, including things like personal emails and routine financial transactions were swept up in the NSA's computers was naturally unsettling to the EU.
Unfortunately, there's no guarantee that even though the U.S. has agreed to protect the data of Europeans, that it will actually happen. U.S. agencies’ track record, notably the DoJ's, is marked more by the violation than observance of established rules. If I were the EU data protection officials, I'd be worried, too.